NCAF 2.0 Assesses National Cybersecurity Capabilities
Summary
ENISA released NCAF 2.0 (National Capabilities Assessment Framework version 2.0), an updated methodology to help national authorities strengthen cybersecurity capabilities and assess maturity of National Cybersecurity Strategies (NCSS) implementation. The framework and its associated online tool provide a structured assessment approach enabling Member States to identify strengths, gaps, and priority areas. NCAF 2.0 is aligned with the NIS2 Directive and supports the voluntary peer review process under Article 19 of that Directive.
“ENISA has released the updated National Capabilities Assessment framework – NCAF 2.0, a methodology aimed at supporting national authorities strenghten their cybersecurity capabilities and assess the maturity of national cybersecurity strategies' implementation.”
About this source
GovPing monitors ENISA News for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 8 changes logged to date.
What changed
ENISA released NCAF 2.0, an updated version of the National Capabilities Assessment Framework, providing national authorities with a practical and flexible tool to assess the implementation of National Cybersecurity Strategies (NCSS) and evaluate cybersecurity maturity. The framework enables Member States to identify strengths, gaps, and priority areas at both strategic and operational levels.
National authorities, policymakers, and government officials responsible for designing, implementing, or evaluating NCSS should be aware of this updated assessment tool. The framework facilitates mutual learning and best practice exchange across EU Member States and is aligned with the NIS2 Directive's requirements, including support for the voluntary peer review process under Article 19 of that Directive.
Archived snapshot
Apr 22, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Assess your National Cybersecurity Capabilities and Maturity with the updated ENISA Framework
News Item Apr 22,2026
ENISA has released the updated National Capabilities Assessment framework – NCAF 2.0, a methodology aimed at supporting national authorities strenghten their cybersecurity capabilities and assess the maturity of national cybersecurity strategies’ implementation.
The revised National Cybersecurity Capabilities Framework – NCAF 2.0 and online tool provide national authorities with a practical and flexible tool to better understand where the implementation of National Cybersecurity Strategies (NCSS) stands and where further efforts should be directed. Through its structured assessment approach, the framework allows Member States to identify strengths, gaps, and priority areas. By assessing the maturity of the objectives defined within national strategies, it helps authorities track progress, both at strategic and operational levels.
At EU level, NCAF 2.0 provides a common reference framework to facilitate mutual learning, the exchange of best practices, and discussions on cybersecurity capability development. It reflects the evolving EU cybersecurity policy landscape and is aligned with key legislative initiatives such as the NIS2 Directive. It also supports Member States in preparing for the voluntary peer review process foreseen under Article 19 of the NIS2 Directive.
Who can benefit from this framework?
The NCAF, and the tool associated with, are mainly addressed to policymakers, experts and government officials responsible for or involved in designing, implementing and evaluating an NCSS and, on a broader level, cybersecurity capabilities.
Ultimately, the updated framework contributes to strengthening the collective cybersecurity posture of the EU, while allowing Member States to adapt the assessment to their national context and priorities.
For more than a decade, ENISA has been directly supporting EU Member States in developing and implementing guidelines for their respective national cybersecurity strategies towards building trust, resilience and sufficient levels of transparency.
- National Capabilities Assessment Framework 2.0 - 2026
- NCAF 2.0 Online tool – 2026
- National Cybersecurity Strategies – Guidelines Tools
- National Cybersecurity Strategies – Interactive map
Share this page
Contact
For press questions and interviews, please contact: press@enisa.europa.eu.
Related topics
- National Cybersecurity Strategies Content written for: National / EU authorities
Related changes
Get daily alerts for ENISA News
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from ENISA.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when ENISA News publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.